
A segmentation fault in gf_dump_setup() at scene_manager/scene_dump.c:243 #1955

Closed
ZFeiXQ opened this issue Dec 10, 2021 · 0 comments

ZFeiXQ commented Dec 10, 2021

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

Version:

./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1527-g6fcf9819e-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
	MINI build (encoders, decoders, audio and video output disabled)

Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --static-mp4box --prefix=/home/zxq/CVE_testing/sourceproject/gpac/cmakebuild --enable-debug
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FREETYPE GPAC_HAS_JPEG GPAC_HAS_PNG  GPAC_DISABLE_3D 

System information
Ubuntu 20.04.1 LTS, gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)

command:

./bin/gcc/MP4Box -lsr POC

POC.zip
Result

[iso file] extra box maxr found in hinf, deleting
[iso file] extra box maxr found in hinf, deleting
[ODF] Error reading descriptor (tag 4 size 0): Invalid MPEG-4 Descriptor
[iso file] Incomplete box mdat - start 11495 size 128
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] extra box maxr found in hinf, deleting
[iso file] extra box maxr found in hinf, deleting
[ODF] Error reading descriptor (tag 4 size 0): Invalid MPEG-4 Descriptor
[iso file] Incomplete box mdat - start 11495 size 128
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
[MP4 Loading] Unable to fetch sample 1 from track ID 8 - aborting track import
Scene loaded - dumping 1 systems streams
[1]    1233733 segmentation fault 

gdb information:

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x400788 --> 0x0 
RCX: 0x0 
RDX: 0x0 
RSI: 0x0 
RDI: 0x10f40f0 --> 0x10f4590 --> 0x10f4460 --> 0x70003 
RBP: 0x7fffffff87b0 --> 0x7fffffff8850 --> 0x7fffffff9950 --> 0x7fffffffe1f0 --> 0x7fffffffe210 --> 0xd078f0 (<__libc_csu_init>:	endbr64)
RSP: 0x7fffffff8750 --> 0x10f4090 --> 0x10002 
RIP: 0x6d9986 (<gf_dump_setup+365>:	movzx  eax,BYTE PTR [rax+0x8])
R8 : 0xe3d1d3 (" Scene Dump -->\n")
R9 : 0x12 
R10: 0xfffffffb 
R11: 0xe3d1c2 --> 0x565300526553414c ('LASeR')
R12: 0xd07990 (<__libc_csu_fini>:	endbr64)
R13: 0x0 
R14: 0x10a3018 --> 0xd7e490 (<__memmove_avx_unaligned_erms>:	endbr64)
R15: 0x0
EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x6d997a <gf_dump_setup+353>:	mov    QWORD PTR [rbp-0x38],rax
   0x6d997e <gf_dump_setup+357>:	mov    rax,QWORD PTR [rbp-0x38]
   0x6d9982 <gf_dump_setup+361>:	mov    rax,QWORD PTR [rax+0x18]
=> 0x6d9986 <gf_dump_setup+365>:	movzx  eax,BYTE PTR [rax+0x8]
   0x6d998a <gf_dump_setup+369>:	cmp    al,0x3
   0x6d998c <gf_dump_setup+371>:	jne    0x6d99ff <gf_dump_setup+486>
   0x6d998e <gf_dump_setup+373>:	mov    rax,QWORD PTR [rbp-0x38]
   0x6d9992 <gf_dump_setup+377>:	mov    rax,QWORD PTR [rax+0x18]
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff8750 --> 0x10f4090 --> 0x10002 
0008| 0x7fffffff8758 --> 0x10f47d0 --> 0x10e99f0 --> 0x0 
0016| 0x7fffffff8760 --> 0x500400788 
0024| 0x7fffffff8768 --> 0x200000000 
0032| 0x7fffffff8770 --> 0x10f4090 --> 0x10002 
0040| 0x7fffffff8778 --> 0x10f4460 --> 0x70003 
0048| 0x7fffffff8780 --> 0x7fffffff87b0 --> 0x7fffffff8850 --> 0x7fffffff9950 --> 0x7fffffffe1f0 --> 0x7fffffffe210 (--> ...)
0056| 0x7fffffff8788 --> 0x444a92 (<gf_list_enum+61>:	mov    QWORD PTR [rbp-0x8],rax)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
gf_dump_setup (sdump=0x10f47d0, root_od=0x10f4090) at scene_manager/scene_dump.c:243
243					if (esd->decoderConfig->streamType != GF_STREAM_SCENE) continue;
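Reading the register dump together with the source line: `rax` is loaded from `[rbp-0x38]` (the `esd` pointer), then from `[rax+0x18]` (`esd->decoderConfig`), and the faulting `movzx eax, BYTE PTR [rax+0x8]` runs with `RAX = 0x0`, so `decoderConfig` is NULL when `streamType` is read. That is consistent with the earlier log line `[ODF] Error reading descriptor (tag 4 size 0)`: tag 0x04 is the MPEG-4 DecoderConfigDescriptor, and a rejected descriptor leaves the ES descriptor without one. The following C program is an added example, not GPAC's code and not the contents of the fixing commit a07c649 (which the page does not show). It models the pattern with hypothetical types and names (`es_desc`, `dec_cfg`, `parse_dcd`, `count_scene_streams_*`), builds two constructed descriptors (one valid scene-stream DCD, one "tag 4 size 0"), and shows the unchecked loop beside a hardened one that skips ESDs with no decoder config:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_DCD      0x04  /* DecoderConfigDescriptor tag (MPEG-4 ODF) */
#define STREAM_SCENE 0x03  /* streamType for scene description (BIFS/LASeR) */

/* Hypothetical stand-ins for the ESD / DecoderConfigDescriptor objects. */
typedef struct {
    uint8_t objectTypeIndication;
    uint8_t streamType;
} dec_cfg;

typedef struct {
    uint16_t ESID;
    dec_cfg *decoderConfig;   /* stays NULL when the embedded DCD was rejected */
} es_desc;

/* Minimal ODF descriptor reader: one tag byte, then a size encoded 7 bits per
 * byte with the MSB as continuation flag, then the payload. Returns 0 for a
 * malformed descriptor such as "tag 4 size 0" (the case in the log above). */
static int parse_dcd(const uint8_t *buf, size_t len, dec_cfg *out)
{
    size_t i = 0;
    uint32_t size = 0;
    int more;

    if (len < 2 || buf[i++] != TAG_DCD) return 0;
    do {
        if (i >= len) return 0;
        more = buf[i] & 0x80;
        size = (size << 7) | (buf[i] & 0x7f);
        i++;
    } while (more);
    /* Fixed DCD body: OTI(1) streamType/upStream/reserved(1) bufferSizeDB(3)
     * maxBitrate(4) avgBitrate(4) = 13 bytes minimum. */
    if (size < 13 || size > len - i) return 0;
    out->objectTypeIndication = buf[i];
    out->streamType = buf[i + 1] >> 2;   /* upper 6 bits of the second byte */
    return 1;
}

/* Same shape as scene_dump.c:243: dereferences decoderConfig unconditionally. */
static int count_scene_streams_unchecked(const es_desc *esds, size_t n)
{
    int count = 0;
    for (size_t k = 0; k < n; k++) {
        if (esds[k].decoderConfig->streamType != STREAM_SCENE) continue;
        count++;
    }
    return count;
}

/* Hardened form: an ESD without a decoderConfig is skipped, not dereferenced. */
static int count_scene_streams_checked(const es_desc *esds, size_t n)
{
    int count = 0;
    for (size_t k = 0; k < n; k++) {
        if (!esds[k].decoderConfig) continue;
        if (esds[k].decoderConfig->streamType != STREAM_SCENE) continue;
        count++;
    }
    return count;
}

/* Constructed sample input (not taken from the reporter's POC): one well-formed
 * DCD declaring a scene stream, and one "tag 4 size 0" descriptor. */
static const uint8_t GOOD_DCD[] = {
    0x04, 0x0d,                 /* tag 4, size 13 */
    0x20, STREAM_SCENE << 2,    /* OTI, streamType=3 upStream=0 reserved=0 */
    0x00, 0x00, 0x00,           /* bufferSizeDB */
    0x00, 0x00, 0x00, 0x00,     /* maxBitrate */
    0x00, 0x00, 0x00, 0x00      /* avgBitrate */
};
static const uint8_t BAD_DCD[] = { 0x04, 0x00 };   /* tag 4, size 0 */

static size_t build_sample(es_desc esds[2], dec_cfg store[2])
{
    esds[0].ESID = 1;
    esds[0].decoderConfig = parse_dcd(GOOD_DCD, sizeof GOOD_DCD, &store[0]) ? &store[0] : NULL;
    esds[1].ESID = 8;
    esds[1].decoderConfig = parse_dcd(BAD_DCD, sizeof BAD_DCD, &store[1]) ? &store[1] : NULL;
    return 2;
}

int good_dcd_stream_type(void)      /* 3: the valid blob parses as a scene stream */
{
    dec_cfg cfg;
    return parse_dcd(GOOD_DCD, sizeof GOOD_DCD, &cfg) ? cfg.streamType : -1;
}

int sample_has_null_config(void)    /* 1: the malformed DCD left a NULL pointer */
{
    es_desc esds[2]; dec_cfg store[2];
    build_sample(esds, store);
    return esds[1].decoderConfig == NULL;
}

int scene_streams_in_sample(void)   /* 1: counted without dereferencing NULL */
{
    es_desc esds[2]; dec_cfg store[2];
    size_t n = build_sample(esds, store);
    return count_scene_streams_checked(esds, n);
}

int main(int argc, char **argv)
{
    es_desc esds[2]; dec_cfg store[2];
    size_t n = build_sample(esds, store);
    printf("scene streams (checked): %d\n", count_scene_streams_checked(esds, n));
    if (argc > 1)   /* pass any argument to reproduce the NULL dereference */
        printf("scene streams (unchecked): %d\n", count_scene_streams_unchecked(esds, n));
    return 0;
}
```

Run with no arguments to see the hardened loop count one scene stream; run with any argument to hit the same SIGSEGV shape as the report (read at offset 8 from a NULL `decoderConfig`). The general lesson for a dumper or analyzer is that a descriptor the parser rejected must be treated as absent at every later consumer, not only at the parse site.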

jeanlf closed this as completed in a07c649 Dec 10, 2021